 
xins
Frequent Visitor
Topic Author
Posts: 52
Joined: Tue Jun 16, 2009 9:36 pm
Location: Poland, Rzeszów

QoS nat limiting with pcq and QT

Thu Mar 17, 2011 4:17 pm

Hi all,
I've been struggling for quite some time with PCQ and QT.

I have a specific plan and I can't figure this one out by myself...

I have a core router with one bridge and one WAN (NATted) and now I'm trying to do as Megis showed us at the US 2009 MUM.

On the bridge I have a PPPoE server.
I want to limit upload and download with PCQ and QT using mangle and address lists. I know that I can't use the WAN interface as a parent (because of NATting) and should use one of global-out/in, but after a lot of configurations I'm losing hope. Can anyone just show me 4 mangle rules for upload and download (with interfaces out/in) and QT to work this out?

When you don't use NAT it is easy to cut speed...

Please help

I'm using ROS 5.rc11

If any more explanation is needed I will provide it if someone asks.
Last edited by xins on Sat Mar 19, 2011 11:27 pm, edited 1 time in total.
Im so small
 
xins
Frequent Visitor
Topic Author
Posts: 52
Joined: Tue Jun 16, 2009 9:36 pm
Location: Poland, Rzeszów

Re: QoS last battle

Fri Mar 18, 2011 2:53 pm

OK, I was staring at this the whole night...

and from page 10:
Global-Out or Interface HTB?
There are two fundamental differences
In case of SRC-NAT (masquerade) Global-Out will be aware of private client addresses, but Interface HTB will not – Interface HTB is after SRC-NAT
Each Interface HTB only receives traffic that will be leaving through a particular interface – there is no need for to separate upload and download in mangle

Does that mean that when I use SRC-NAT I can't use Interface HTB and should use Global-Out? And another thing: do I have to make mangle rules separately for upload and download with a selected out interface (WAN for upload_mangle & bridge for download_mangle)?

Any confirmation or additional explanation?

And can I after that add priority based on traffic type?
Im so small
 
xins
Frequent Visitor
Topic Author
Posts: 52
Joined: Tue Jun 16, 2009 9:36 pm
Location: Poland, Rzeszów

Re: QoS last battle

Fri Mar 18, 2011 3:23 pm

OK, after some testing I managed to mangle upload traffic correctly:
Image


and here is the conf for QT:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=5M name=upload parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=2M_up packet-mark=2m_up_packet parent=upload priority=8 \
    queue=2M_up

and for mangle:
/ip firewall mangle
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    2m_up_conn out-interface=ether9 passthrough=yes src-address-list=2mbit
add action=mark-packet chain=forward connection-mark=2m_up_conn disabled=no \
    new-packet-mark=2m_up_packet out-interface=ether9 passthrough=no
ether9 is my WAN (in my test lab)

Still trying to correctly mangle download, any hints?
Im so small
 
xins
Frequent Visitor
Topic Author
Posts: 52
Joined: Tue Jun 16, 2009 9:36 pm
Location: Poland, Rzeszów

Re: QoS nat limiting with pcq and QT

Sun Mar 20, 2011 8:55 pm

I see everyone on this forum is very helpful... so after the next days I figured this out :P and I'm still sharing this with you people.

AND don't say that nobody has NATed networks? :P

MANGLE:
/ip firewall mangle
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    2m_up_conn out-interface=ether9 passthrough=yes src-address-list=2mbit
add action=mark-packet chain=forward connection-mark=2m_up_conn disabled=no \
    new-packet-mark=2m_up_packet out-interface=ether9 passthrough=no
add action=mark-connection chain=forward disabled=no dst-address-list=2mbit \
    in-interface=ether9 new-connection-mark=2m_down_conn passthrough=yes
add action=mark-packet chain=forward connection-mark=2m_down_conn disabled=no \
    new-packet-mark=2m_down_pack passthrough=no
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    1m_up_conn out-interface=ether9 passthrough=yes src-address-list=1mbit
add action=mark-packet chain=forward connection-mark=1m_up_conn disabled=no \
    new-packet-mark=1m_up_packet out-interface=ether9 passthrough=no
add action=mark-connection chain=forward disabled=no dst-address-list=1mbit \
    in-interface=ether9 new-connection-mark=1m_down_conn passthrough=yes
add action=mark-packet chain=forward connection-mark=1m_down_conn disabled=no \
    new-packet-mark=1m_down_pack passthrough=no
QT:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=5M name=upload parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=2M_up packet-mark=2m_up_packet parent=upload priority=8 \
    queue=2M_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=5M name=download parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=2m_down packet-mark=2m_down_pack parent=download priority=\
    8 queue=2M-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=1M_down packet-mark=1m_down_pack parent=download priority=\
    8 queue=1M_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=1M_up packet-mark=1m_up_packet parent=upload priority=8 \
    queue=1M_up
queue type:
/queue type
add kind=pcq name=2M_up pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
    10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=2M-down pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=1M_down pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=1M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=1M_up pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
    10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=1M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
You must remember that upload mangle rules must be higher than download mangle rules for the same address list.

NOW I will try to add QoS based on type of traffic to this...

ENJOY
Im so small
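An added example (not part of xins's post): a small Python model of how the forward-chain mangle rules above are evaluated for one NATed connection, showing why the upload rules have to sit above the download rules for the same address list. The client and remote addresses, the `bridge1` name and the address-list contents are constructed for illustration.

```python
WAN = "ether9"                       # WAN port name from the post
LISTS = {"2mbit": {"10.0.0.2"}}      # constructed address-list contents
# (action, new mark, passthrough, matchers): the four 2mbit rules from the post
UP = [("mark-connection", "2m_up_conn", True,
       {"out-interface": WAN, "src-address-list": "2mbit"}),
      ("mark-packet", "2m_up_packet", False,
       {"connection-mark": "2m_up_conn", "out-interface": WAN})]
DOWN = [("mark-connection", "2m_down_conn", True,
         {"in-interface": WAN, "dst-address-list": "2mbit"}),
        ("mark-packet", "2m_down_pack", False,
         {"connection-mark": "2m_down_conn"})]

def matches(matchers, pkt, conn):    # every matcher must accept the packet
    for key, want in matchers.items():
        if key.endswith("-address-list"):
            ok = pkt[key[:3]] in LISTS[want]      # "src" or "dst"
        elif key == "connection-mark":
            ok = conn.get("mark") == want
        else:
            ok = pkt[key] == want                 # in-/out-interface
        if not ok:
            return False
    return True

def traverse(rules, pkt, conn):
    """Walk the chain top-down and return the resulting packet mark."""
    mark = None
    for action, new_mark, passthrough, matchers in rules:
        if not matches(matchers, pkt, conn):
            continue
        if action == "mark-connection":
            conn["mark"] = new_mark               # kept on the conntrack entry
        else:
            mark = new_mark
        if not passthrough:
            break
    return mark

def simulate(rules):
    """Packet marks for an upload, a reply, then another upload packet."""
    up = {"src": "10.0.0.2", "dst": "203.0.113.5",
          "in-interface": "bridge1", "out-interface": WAN}
    down = {"src": "203.0.113.5", "dst": "10.0.0.2",
            "in-interface": WAN, "out-interface": "bridge1"}
    conn = {}                                     # one shared conntrack entry
    return [traverse(rules, p, conn) for p in (up, down, up)]

if __name__ == "__main__":
    print(simulate(UP + DOWN), simulate(DOWN + UP), sep="\n")
```

With the download rules first, the interface-less `connection-mark=2m_down_conn` packet rule catches the client's next upload packet as soon as a reply has re-marked the connection, so upload traffic lands in the download queue.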
 
ZoemDoef
just joined
Posts: 23
Joined: Fri Oct 20, 2006 11:02 am
Location: South Africa

Re: QoS nat limiting with pcq and QT

Thu Mar 31, 2011 9:29 pm

xins

I agree, I have searched the forum and could not find much else on the topic you raise here. I am also very interested to get the forum's suggestions and opinions on this.
 
boardman
Member Candidate
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

Re: QoS nat limiting with pcq and QT

Sat May 07, 2011 10:27 pm

Nice


Thanks
 
Twas
just joined
Posts: 21
Joined: Tue Dec 30, 2008 2:13 am

Finally a real PCQ Example - Upload and Download

Sun Jun 26, 2011 6:54 am

XINS,
You are the very first to ever show both the upload and download side of managing PCQ. I don't really care what others say because I have tried to figure this out for two years. I have even gone so far as to pay a Mikrotik Certified and recommended by MT tech just to be told this can't be done correctly. I could always get either the upload or the download to work, but never both correctly balanced.
So, the rest of these supposedly MT techs including MT themselves have never shown what you have shown here. Yes, they answer questions, leaving the end user with more questions. They rarely offer solid information. Hats off to a job well done and thank you for your hours of work.
If you ever implement QoS with this model I will be happy to pay you for an outline. Janis Megis seems to know what he is talking about, but you should have given the course on "Basic PCQ", not him.

Your method works and that is what counts. MT should always follow your way of doing things in their courses, rather than giving outlines with few solutions that are open ended with no definition.

Thanks
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: QoS nat limiting with pcq and QT

Sun Jun 26, 2011 7:30 am

I find it easier to just use different chains and interface directions. To me it is also easier and cheaper on the CPU to just mark packets if queues are the only purpose of marking, and you have few qualifiers. I use this on NAT routers, and speeds are correctly shaped both ways. Technically you could consider it wasteful to let packets get to postrouting before shaping but it's easy to troubleshoot and configure to me.

In the below example silver is a class for 1m down and 512k up, based on address lists. Gold is 2m/1m. All classes are limited to 10-11m total.
/ip firewall mangle
add chain=postrouting out-interface=LAN dst-address-list=silver action=mark-packet new-packet-mark=silver-down passthrough=no
add chain=postrouting out-interface=LAN dst-address-list=gold action=mark-packet new-packet-mark=gold-down passthrough=no
add chain=prerouting in-interface=LAN src-address-list=silver action=mark-packet new-packet-mark=silver-up passthrough=no
add chain=prerouting in-interface=LAN src-address-list=gold action=mark-packet new-packet-mark=gold-up passthrough=no

/queue type add kind=pcq name="silver-up" pcq-classifier=src-address pcq-limit=50 pcq-rate="512000" pcq-total-limit="204800";
/queue type add kind=pcq name="silver-down" pcq-classifier=dst-address pcq-limit=50 pcq-rate="1000000" pcq-total-limit="204800";
/queue type add kind=pcq name="gold-up" pcq-classifier=src-address pcq-limit=50 pcq-rate="1000000" pcq-total-limit="204800";
/queue type add kind=pcq name="gold-down" pcq-classifier=dst-address pcq-limit=50 pcq-rate="2000000" pcq-total-limit="204800";


/queue tree add limit-at="10000000" max-limit="11000000" name="silver-up" packet-mark="silver-up" parent="global-in" queue="silver-up"
/queue tree add limit-at="10000000" max-limit="11000000" name="silver-down" packet-mark="silver-down" parent="global-out" queue="silver-down"
/queue tree add limit-at="10000000" max-limit="11000000" name="gold-up" packet-mark="gold-up" parent="global-in" queue="gold-up"
/queue tree add limit-at="10000000" max-limit="11000000" name="gold-down" packet-mark="gold-down" parent="global-out" queue="gold-down"
This is not to take away from the post, just an alternative way of achieving the same thing.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
boardman
Member Candidate
Posts: 260
Joined: Fri May 28, 2004 11:10 pm
Location: Mexico

Re: QoS nat limiting with pcq and QT

Sun Jun 26, 2011 8:38 pm

Hi fewi, nice share,

How do you get to / calculate this value: pcq-total-limit="204800"?

Regards
J. Boardman
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: QoS nat limiting with pcq and QT

Sun Jun 26, 2011 9:21 pm

pcq-limit is the number of packets that can be queued per sub stream (so in this case per user). pcq-total-limit should be set to pcq-limit multiplied by the number of concurrent users. 204800 would be good for 4096 users. Which I guess doesn't make much sense with a total limit of 10 megs, should have edited that down to a lower number.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
CCDKP
Member Candidate
Posts: 170
Joined: Fri Jan 28, 2011 11:24 pm
Location: Midwest, United States

Re: QoS nat limiting with pcq and QT

Tue Jun 28, 2011 4:53 pm

I take vacation for a week and this is what I miss!

It looks like you pretty much have it by now, but for the sake of adding another example, I did PCQ with NAT on my P2P blocking script:
http://forum.mikrotik.com/viewtopic.php ... 83#p249583
CC_DKP: MTCNA, MTCRE, MTCWE, MTCTCE, part-time packet wrangler
